271 matches found
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
Cross site scripting
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
Cross site scripting
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
CVE-2020-2124
CVE-2020-2124 affects Jenkins Dynamic Extended Choice Parameter Plugin (versions ≤ 1.0.1). The vulnerability: passwords are stored unencrypted in job config.xml files on the Jenkins master, allowing access by users with Extended Read permission or master FS access. Impact is exposure of stored cr...
CVE-2020-2112
CVE-2020-2112 affects Jenkins Git Parameter Plugin (versions
CVE-2020-2113
CVE-2020-2113 affects Jenkins Git Parameter Plugin versions 0.9.11 and earlier. The UI shows the default value without escaping, enabling stored XSS exploitable by users with Job/Configure permission. Affected component is the Git Parameter Plugin’s UI input handling; root cause is lack of escapi...
CVE-2020-2112
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
CVE-2020-2113
Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission...
PT-2020-15319 · Jenkins · Jenkins Git Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.11 and earlier Description: The issue results in a stored cross-site scripting vulnerability. It is exploitable by users with Job/Configure permission due to the parameter name not being escaped on th...
PT-2020-15320 · Jenkins · Jenkins Git Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.11 and earlier Description: The issue results in a stored cross-site scripting vulnerability. This is exploitable by users with Job/Configure permission. The vulnerability occurs because the default...